Diffstat (limited to 'app/controllers/jwt_controller.rb')
-rw-r--r--app/controllers/jwt_controller.rb35
1 files changed, 15 insertions, 20 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 8eebf9fbf6b..9e0ca28a5ea 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -36,31 +36,26 @@ class JwtController < ApplicationController
@authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
if @authentication_result.failed?
- render_unauthorized
+ render_access_denied
end
end
rescue Gitlab::Auth::MissingPersonalAccessTokenError
- render_missing_personal_access_token
+ render_access_denied
end
- def render_missing_personal_access_token
- render json: {
- errors: [
- { code: 'UNAUTHORIZED',
- message: _('HTTP Basic: Access denied\n' \
- 'You must use a personal access token with \'api\' scope for Git over HTTP.\n' \
- 'You can generate one at %{profile_personal_access_tokens_url}') % { profile_personal_access_tokens_url: profile_personal_access_tokens_url } }
- ]
- }, status: :unauthorized
- end
-
- def render_unauthorized
- render json: {
- errors: [
- { code: 'UNAUTHORIZED',
- message: 'HTTP Basic: Access denied' }
- ]
- }, status: :unauthorized
+ def render_access_denied
+ help_page = help_page_url(
+ 'user/profile/account/two_factor_authentication',
+ anchor: 'troubleshooting'
+ )
+
+ render(
+ json: { errors: [{
+ code: 'UNAUTHORIZED',
+ message: format(_("HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See %{help_page_url}"), help_page_url: help_page)
+ }] },
+ status: :unauthorized
+ )
end
def auth_params
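Review bot: `render_access_denied` has no comment saying that both failure paths must keep returning the same body, which is the security-relevant property of this change. The `failed?` branch and the `rescue Gitlab::Auth::MissingPersonalAccessTokenError` branch now answer identically. If that error is raised only after the password has been verified (not visible in this hunk), the old separate message told a client that a guessed password was correct on a 2FA-enabled account. I would add above the method `# Every authentication failure returns this one response; a separate 2FA message would confirm that the password was valid.` and a request spec asserting that the two paths produce the same status and body, so a later edit cannot split them again unnoticed. The method containing the two call sites starts above the hunk, so any other render paths in it are not covered by this note.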